From 87cee571e76531485592eb32be536d6a4cc6afe7 Mon Sep 17 00:00:00 2001
From: Sergey Shatunov
Date: Sat, 3 Jun 2023 00:18:33 +0800
Subject: [PATCH] Issue #214, #215: fix anonymous and cookie auth
---
 .../freedesktop/dbus/connections/SASL.java | 24 +++++++++++++------
 1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java b/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java
index 190cf2ce..166c67f9 100644
--- a/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java
+++ b/dbus-java-core/src/main/java/org/freedesktop/dbus/connections/SASL.java
@@ -93,15 +93,23 @@ private String findCookie(String _context, String _id) throws IOException {
 }
 File f = new File(keyringDir, _context);
+ long currentTime = System.currentTimeMillis() / 1000;
 try (BufferedReader r = new BufferedReader(new InputStreamReader(new FileInputStream(f)))) {
 String s = null;
 String lCookie = null;
- TimeMeasure tm = new TimeMeasure();
 while (null != (s = r.readLine())) {
 String[] line = s.split(" ");
- long timestamp = Long.parseLong(line[1]);
- if (line[0].equals(_id) && !(timestamp < 0 || (tm.getElapsedSeconds() + MAX_TIME_TRAVEL_SECONDS) < timestamp || tm.getElapsedSeconds() - EXPIRE_KEYS_TIMEOUT_SECONDS > timestamp)) {
+ if (line.length != 3) {
+ continue;
+ }
+ long timestamp;
+ try {
+ timestamp = Long.parseLong(line[1]);
+ } catch (NumberFormatException _ex) {
+ continue;
+ }
+ if (line[0].equals(_id) && timestamp >= 0 && currentTime >= timestamp - EXPIRE_KEYS_TIMEOUT_SECONDS && currentTime < timestamp + MAX_TIME_TRAVEL_SECONDS) {
 lCookie = line[2];
 break;
 }
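Review bot: The rewritten validity test in `findCookie` pairs the two constants the opposite way round from the removed line. The old condition rejected a key when `now + MAX_TIME_TRAVEL_SECONDS < timestamp` or `now - EXPIRE_KEYS_TIMEOUT_SECONDS > timestamp`, whereas the new one accepts timestamps up to `EXPIRE_KEYS_TIMEOUT_SECONDS` in the future and drops keys once they are `MAX_TIME_TRAVEL_SECONDS` old. Going by the constant names (their values are outside this hunk) that looks unintended, and it changes how long a keyring cookie remains acceptable for DBUS_COOKIE_SHA1. I would keep the old window on the new wall-clock value: `timestamp >= 0 && timestamp <= currentTime + MAX_TIME_TRAVEL_SECONDS && timestamp >= currentTime - EXPIRE_KEYS_TIMEOUT_SECONDS`. The body of `findCookie` starts and ends outside the hunk.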
@@ -344,6 +352,10 @@ SaslResult doChallenge(int _auth, SASL.Command _c) throws IOException {
 response = stupidlyEncode(buf);
 _c.setResponse(stupidlyEncode(clientchallenge + " " + response));
 return SaslResult.OK;
+ case AUTH_ANON:
+ // Pong back DATA if server wants it for anonymous auth
+ _c.setResponse(_c.getData() == null ? "" : _c.getData());
+ return SaslResult.OK;
 default:
 logger.debug("Not DBUS_COOKIE_SHA1 authtype.");
 return SaslResult.ERROR;
@@ -388,7 +400,7 @@ SaslResult doResponse(int _auth, String _uid, String _kernelUid, SASL.Command _c
 logger.debug("Sending challenge: {} {} {}", context, id, challenge);
 _c.setResponse(stupidlyEncode(context + ' ' + id + ' ' + challenge));
- return SaslResult.OK;
+ return SaslResult.CONTINUE;
 default:
 return SaslResult.ERROR;
 }
@@ -525,7 +537,6 @@ public boolean auth(SocketChannel _sock, AbstractTransport _transport) throws IO
 break;
 case OK:
 logger.trace("Authenticated");
- state = SaslAuthState.AUTHENTICATED;
 if (saslConfig.isFileDescriptorSupport()) {
 state = SaslAuthState.WAIT_DATA;
@@ -555,7 +566,7 @@ public boolean auth(SocketChannel _sock, AbstractTransport _transport) throws IO
 switch (c.getCommand()) {
 case OK:
 send(_sock, BEGIN);
- state = SaslAuthState.AUTHENTICATED;
+ state = SaslAuthState.FINISHED;
 break;
 case ERROR:
 case DATA:
@@ -797,7 +808,6 @@ enum SaslAuthState {
 WAIT_REJECT,
 WAIT_AUTH,
 WAIT_BEGIN,
- AUTHENTICATED,
 NEGOTIATE_UNIX_FD,
 FINISHED,
 FAILED;
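Review bot: The new `AUTH_ANON` branch in `doChallenge` hands `_c.getData()` to `setResponse` unchanged, while the cookie branch directly above wraps its reply in `stupidlyEncode(...)`. The hunk does not show whether `getData()` is still in its wire encoding at this point, so the comment should state the assumption, for example `// getData() is still wire-encoded here, so it is echoed back without stupidlyEncode`. Reading the value once into a local (`String data = _c.getData();`) would also avoid the double call in the ternary. The `default` branch still logs "Not DBUS_COOKIE_SHA1 authtype.", which no longer describes every mechanism that reaches this switch. The body of `doChallenge` starts and ends outside the hunk.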
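Review bot: The `return SaslResult.CONTINUE;` in `doResponse` carries the security meaning of this branch but has no comment saying so. With `OK`, the caller would presumably have treated the peer as authenticated as soon as the challenge was sent, before its reply was checked. A short comment would guard against a later revert, for example `// challenge sent only; the peer's reply must be verified before OK is returned`. How the caller handles `CONTINUE` is outside this hunk, so it is worth confirming that the follow-up DATA is routed back into the cookie verification path.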